diff --git a/configure.ac b/configure.ac
index 9c8dfd4d3..e725b311a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2044,6 +2044,9 @@ then
 AS_IF([test "x$FIPS_VERSION" = "xv2"],
 [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN"
 ENABLED_KEYGEN="yes"
+ AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
+ [ENABLED_AESCCM="yes"
+ AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
 AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
 [ENABLED_RSAPSS="yes"
 AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 827293b83..906f360f5 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -172,10 +172,11 @@
 #endif /* HAVE_AESGCM */
 /* AES-CCM */
- #ifdef HAVE_AESCCM
- void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
+ #if defined(HAVE_AESCCM) && \
+ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
 {
- AesCcmSetKey(aes, key, keySz);
+ return AesCcmSetKey(aes, key, keySz);
 }
 int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* nonce, word32 nonceSz,
@@ -209,7 +210,7 @@
 authTag, authTagSz, authIn, authInSz);
 }
 #endif /* HAVE_AES_DECRYPT */
- #endif /* HAVE_AESCCM */
+ #endif /* HAVE_AESCCM && HAVE_FIPS_VERSION 2 */
 int wc_AesInit(Aes* aes, void* h, int i)
 {
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 102e796a0..cd9991152 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -461,6 +461,9 @@ const char* wc_GetErrorString(int error)
 case DH_KAT_FIPS_E:
 return "wolfcrypt FIPS DH Known Answer Test Failure";
+ case AESCCM_KAT_FIPS_E:
+ return "AESCCM Known Answer Test check FIPS error";
+
 default:
 return "unknown error number";
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index a7a865ae3..7c903e1d2 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
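Review bot: In the configure.ac hunk, the added `AS_IF` forces `ENABLED_AESCCM="yes"` for every FIPS v2 build without reporting it, so an explicit `--disable-aesccm` would be overridden silently if that option is evaluated before this block (the option handling is not visible here). A line such as `AC_MSG_NOTICE([FIPS v2 requires AES-CCM; enabling it])` inside the branch would record the override in the configure log. If the regular AES-CCM option block also appends `-DHAVE_AESCCM` when `ENABLED_AESCCM` is `yes`, check the ordering so the define is not added to `AM_CFLAGS` twice. The enclosing `AS_IF` on `FIPS_VERSION` starts and ends outside the hunk.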
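Review bot: In the first wolfcrypt/src/aes.c hunk, `wc_AesCcmSetKey` changes from `void` to `int`, but no matching prototype change is among the files in this diff, and existing callers written against the `void` form will discard a key-setup failure unless they are updated to check it. I would document the new contract on the wrapper, e.g. `/* Propagates the AesCcmSetKey() result; callers must check it before using the key. */`. The tightened guard also means a build with `HAVE_AESCCM` but `HAVE_FIPS_VERSION` below 2 no longer gets these wrappers from this section, so confirm that configuration still has a definition elsewhere. The closing comment in the second aes.c hunk reads `HAVE_FIPS_VERSION 2` while the condition is `>= 2`; `#endif /* HAVE_AESCCM && HAVE_FIPS_VERSION >= 2 */` would match the guard.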
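Review bot: In the wolfcrypt/src/error.c hunk, the new message is worded differently from the neighbouring FIPS self-test string (`"wolfcrypt FIPS DH Known Answer Test Failure"`), which makes it harder to match all known-answer-test failures with a single log pattern. Consider `return "wolfcrypt FIPS AES-CCM Known Answer Test Failure";`. Only one neighbouring case is visible in the hunk, so check the other FIPS strings in `wc_GetErrorString` before settling on the form.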
@@ -205,8 +205,9 @@ enum {
 RSAPSS_PAT_FIPS_E = -254, /* RSA-PSS PAT failure */
 ECDSA_PAT_FIPS_E = -255, /* ECDSA PAT failure */
 DH_KAT_FIPS_E = -256, /* DH KAT failure */
+ AESCCM_KAT_FIPS_E = -257, /* AESCCM KAT failure */
- WC_LAST_E = -256, /* Update this to indicate last error */
+ WC_LAST_E = -257, /* Update this to indicate last error */
 MIN_CODE_E = -300 /* errors -101 - -299 */
 /* add new companion error id strings for any new error codes